View Full Version : Software Protection Thoughts



NewsArchive
07-21-2005, 12:53 AM
Assume that you give a company a time limited copy of your software that
will expire on 12/31/05. Using this method allows a company to install it
on as many PCs as they wish with a single demo unlock code. (Software
Passport/Armadillo) You really cannot protect your software with time
limited trials if you cannot set the computer clock from an NTP source
during install. People can always set back the time on their PC. Once it
expires, they simply install it on another PC with the clock set back. So
then I suppose the best thing to do, is to require an internet connection
for software activation, where activation is simply syncing with an NTP
server during install. Does anybody have an easy way of doing this inside
of Setup Builder? (I didn't think that this was a real scenario until I
learned the hard way it was, and was being analyzed by a competitor.)

Jack T.

NewsArchive
07-21-2005, 12:54 AM
CapeSoft's nettalk.

Jason S

NewsArchive
07-21-2005, 12:54 AM
> CapeSoft's nettalk.<

I thought about that, and own it. I shied away because it is the only thing
that I need from it, and I don't like to carry around things that may break
with the next revision of CW. I'm currently on 6.1 because ClarioNET does
not have a 6.2 version available.

Thanks,
Jack T.

NewsArchive
07-21-2005, 12:54 AM
Create the dll with the older version and forget about it.

Jason S

NewsArchive
07-21-2005, 12:55 AM
Hi Jack,

>server during install. Does anybody have an easy way of doing this inside
>of Setup Builder? (I didn't think that this was a real scenario until I
>learned the hard way it was, and was being analyzed by a competitor.)

Use Armadillo. It will detect if the user messes with the clock and
lock it down.

Best regards,

Arnór Baldvinsson
Icetips Software
San Antonio, Texas, USA
www.icetips.com

NewsArchive
07-21-2005, 12:55 AM
Hi Arnor

I was just thinking about you and the fact that we've not seen you post much
lately. Glad to see you back!
--

Ben E. Brady
The information contained in the message above, as expressed by the author,
is copyright 2005 by Ben E. Brady, All rights strictly reserved worldwide.
The information contained in the message above may not be posted on any
other web site, whether a fee is charged for content or provided for free,
without the express written permission of the author.

www.clariondeveloper.com

NewsArchive
07-21-2005, 12:55 AM
Busy with non-cw activities. I've been buried in huge web site projects and
a network. I have quoted some more Clarion out there, and currently I'm
making some more changes to my install. Actually I have to since I upgraded
because my old ones broke.

Jack T.

NewsArchive
07-21-2005, 12:55 AM
Jack,
Have you considered an alternate approach? Instead of specifying an
exact date for evaluation expiration, use a specified number of days.
This avoids any issues with the user fiddling with the date/time
clock.
-- Regards, Roger Due

NewsArchive
07-21-2005, 12:55 AM
>Instead of specifying an exact date for evaluation expiration, use a
>specified number of days.<

Except then they can install it on the next computer and get another 60
days.

> This avoids any issues with the user fiddling with the date/time clock.<

The problem is that he isn't fiddling with the date/time. Otherwise I would
catch him in either scenario. They set it back before they install the
software, and leave it there. I would like to avoid nailing it to the
hardware, because then they cannot install it on a multitude of computers
when a company is looking at it. Limiting the number of records is a bit of
a problem because the demo database has to have quite a few for it to work.
There are a lot of things I could do. I'm trolling for something simple.
It was perfect until I discovered this.

Thanks,
Jack T.

NewsArchive
07-21-2005, 12:56 AM
On 20 Jul 2005 17:27:37 -0400, Jack T. wrote:

> Except then they can install it on the next computer and get another 60
> days.

That is another reason why the install executable should only be valid for xxx
days before they have to get another. Just tell them that you do it this
way to make sure that "old" copies of the demo code do not accidentally get
installed.


> The problem is that he isn't fiddling with the date/time. Otherwise I would
> catch him in either scenario. They set it back before they install the
> software, and leave it there.

I wondered about that (as said in the other post)



> I would like to avoid nailing it to the
> hardware, because then they cannot install it on a multitude of computers
> when a company is looking at it. Limiting the number of records is a bit of
> a problem because the demo database has to have quite a few for it to work.
> There are a lot of things I could do. I'm trolling for something simple.
> It was perfect until I discovered this.

Jack - based on that, maybe go with the added timestamp AND a sequence
number for data in demo mode (just a couple of fields in the database).

Make the insertions sequential (starting with the first record you create
during the SILENT run at the program install).

Then make it so that the program will not work with data that does not come
from a record with that PRECISE timestamp. Since there is no way a
customer could set a clock back to a precise second when the record was
created - they can't beat it.

If they try to load data on another install - the program sees that the
stored timestamp does not match the first record timestamp and you can take
action from there...

Food for thought,

Charles



--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

www.ezround.com - "So that's how they make those round corner HTML tables!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

NewsArchive
07-21-2005, 12:56 AM
Jack,
As Charles indicated, all you have to do is specify that the install
key is good for only 'x' number of days. For our products, we set that
to 1 day, but you could use whatever number of days is suitable for
you.
-- Regards, Roger Due

NewsArchive
07-21-2005, 12:56 AM
On 20 Jul 2005 13:20:41 -0400, Jack T. wrote:

> Assume that you give a company a time limited copy of your software that
> will expire on 12/31/05. Using this method allows a company to install it
> on as many PCs as they wish with a single demo unlock code. (Software
> Passport/Armadillo) You really cannot protect your software with time
> limited trials if you cannot set the computer clock from an NTP source
> during install. People can always set back the time on their PC. Once it
> expires, they simply install it on another PC with the clock set back. So
> then I suppose the best thing to do, is to require an internet connection
> for software activation, where activation is simply syncing with an NTP
> server during install. Does anybody have an easy way of doing this inside
> of Setup Builder? (I didn't think that this was a real scenario until I
> learned the hard way it was, and was being analyzed by a competitor.)

Jack,

While there is no perfect solution without some sort of online validation,
you can get around it if you are clever and use the tools at hand.


If you're running Armadillo, then you can easily detect a change in the PC
clock. This includes clock forward and clock back. If they set the clock
back - install the app and set it forward, Armadillo WILL detect it and
shut it down.

You can also run your program during install mode with the SILENT option of
Armadillo.

Do this.

Don't ask if they want to run - just launch it.

Then do something in your own data files that marks the time (like write a
first record with extra fields that have a date/time stamp).


Later when you run (second time, etc.), you can detect the date/time stamp
and add to it.

Also during demo mode - do not allow the customer to use data that was not
created from THAT machine and in THAT sequence.


I could go on and on with ideas about this, but there are ways to fix it.

BTW - if the customer complains about a little extra restrictions during
this period, remind them that they are getting a free ride and that when
they buy the product - they won't have it.


Also - do NOT write such long dates into the program certificate.

You can give them a trial key that expires end of year - but an installable
that expires in 30 days. Then put a new one up and require them to
download (or ask for another CD).

Like I said, maybe no perfect solution, but there are things to do.

Good luck!

Charles


NewsArchive
07-21-2005, 12:56 AM
>Also during demo mode - do not allow the customer to use data that was not
>created from THAT machine and in THAT sequence.<

I'll think about that one. The forward/backward in Armadillo doesn't work
because they are not going forward and backward. They are setting the clock
back before the install.

Thanks,
Jack T.

NewsArchive
07-21-2005, 12:57 AM
Hi Jack,

>I'll think about that one. The forward/backward in Armadillo doesn't work
>because they are not going forward and backward. They are setting the clock
>back before the install.

This makes no sense. Armadillo will detect if the clock is changed.
Backward or forward. When your program is first run, Armadillo will
detect the clock setting. If you set it to expire in 30 days it will
expire in 30 days. If the user changes the clock, Armadillo will
detect it and lock it. So the user gets 30 days or until he messes
with the clock, whichever comes sooner. The setting of the clock
before the install makes no difference. What happens after the
install is what matters.

Best regards,

Arnór Baldvinsson
Icetips Software
San Antonio, Texas, USA
www.icetips.com

NewsArchive
07-21-2005, 12:57 AM
> This makes no sense. Armadillo will detect if the clock is changed.

It can't. The clock is not being set back after the program is installed,
it is set back before the program is installed. For instance, let's say that
you make the app stop working on 10/31/05. When 10/31/05 gets here, you
install it on a machine that has the date set to 7/31/05, and run it another
3 months. If you make it 90 days, it's even easier. Simply install it on
another computer. Number of days and expiration date doesn't fix it either
if the date is wrong.

If I set the end date to 10/31/05, AND I set the PC time to the current NTP
time during install, no matter how many computers they install the program
on, they will all expire on 10/31/05. If they try to install it on a computer
without NTP access, then it won't install or run.

Thanks,
Jack T.

NewsArchive
07-21-2005, 12:57 AM
Jack,

You should be able to do this with Secwin Server.

Regards,

Mike Gould

NewsArchive
07-21-2005, 12:57 AM
> You should be able to do this with Secwin Server.<

Maybe I will scratch some code to do this, but I didn't want to invent what
has already been invented, and I want something simple and light where I
don't have CW version problems later.

Thanks,
Jack T.

NewsArchive
07-21-2005, 12:57 AM
Depending on the number of copies you're letting them use, it might be worth
investing in a handful of dongles.
Various ones are available that keep track of the date they're last used and
complain if they're installed into a machine whose date is set prior to the
last date the dongle was used.
You can use the dongles once on your own machine to ensure that the internal
last date is set correctly. Then your users won't be able to install them
on a machine whose date is set earlier.

Jane

NewsArchive
07-21-2005, 12:57 AM
I think I'll scratch some code. I'll start with net time, and if there is
no network, I'll try to hit the Navy clock. If that doesn't work, I'll
complain that I need an internet connection to "activate" the software and
shut it down. The dongle approach does not let me give it to them over the
internet, and they are not free.

Thanks,
Jack T.

NewsArchive
07-21-2005, 03:55 AM
Jack,

I have added a new SB5 (Developer Edition) function to support the retrieval
of the Atomic Clock time. The function will connect to whatever Time
Server you want. By default, we'll use the "time.nist.gov" server.

I'll upload a test installer within the next few hours.

Friedrich

--
Friedrich Linder
CEO, Lindersoft
www.lindersoft.com
1.954.252.3910

"point. click. ship" - that's SetupBuilder 5

NewsArchive
07-22-2005, 04:33 AM
> As Charles indicated, all you have to do is specify that the install key
> is good for only 'x' number of days.<

That does not work.<g> Friedrich sees the hole. Setting the PC time from
an NTP server is now part of SetupBuilder.

Thanks,
Jack T.

NewsArchive
07-22-2005, 04:35 AM
Hi Jack,

>3 months. If you make it 90 days, it's even easier. Simply install it on
>another computer. Number of days and expiration date doesn't fix it either
>if the date is wrong.

Then check a time server in your program and if you find that the
clock is off by a certain margin, tell Armadillo to shut it down. My
point is that with a protective shell like Armadillo you get so many
more options that you can use to lock the program down if you detect
suspicious activity.

Best regards,

Arnór Baldvinsson
Icetips Software
San Antonio, Texas, USA
www.icetips.com
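
The time-server check discussed above (Jack's plan to try time sources in order and refuse to activate when none answers, and the suggestion to compare the PC clock against a time server with a margin), as an added Python sketch that is not code from any poster, SetupBuilder or Armadillo. The function names, the one-day margin and the sample packet are assumptions made for the illustration; only "time.nist.gov" comes from the thread.

```python
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def parse_sntp_reply(packet: bytes) -> float:
    """Return the server's transmit time as Unix seconds."""
    if len(packet) < 48:
        raise ValueError("short SNTP packet")
    mode, stratum = packet[0] & 0x07, packet[1]
    secs, frac = struct.unpack("!II", packet[40:48])
    if mode != 4 or stratum == 0 or secs == 0:
        raise ValueError("not a usable server reply")
    return secs - NTP_EPOCH_OFFSET + frac / 2**32

def query_time(server: str, timeout: float = 3.0) -> float:
    """Ask one SNTP server (UDP port 123) for the current time."""
    request = b"\x23" + bytes(47)  # LI=0, version 4, mode 3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (server, 123))
        reply, _ = sock.recvfrom(512)
    return parse_sntp_reply(reply)

def first_answer(servers, query=query_time):
    """Try each time source in order; None means nothing answered."""
    for server in servers:
        try:
            return query(server)
        except (OSError, ValueError):
            continue
    return None

def trial_decision(network_time, local_time, expires, max_skew=86400):
    """Judge the trial on network time, never on the PC clock alone."""
    if network_time is None:
        return "no-time-source"   # refuse to activate without a time source
    if network_time >= expires:
        return "expired"          # true date is past the end date
    if abs(network_time - local_time) > max_skew:
        return "clock-skew"       # PC clock is off by more than the margin
    return "ok"

# Constructed sample reply (mode 4, stratum 1) stamped 2005-11-15 00:00:00 UTC.
SAMPLE_REPLY = bytes([0x24, 1]) + bytes(38) + struct.pack(
    "!II", 1132012800 + NTP_EPOCH_OFFSET, 0)

if __name__ == "__main__":
    now = first_answer(["time.nist.gov"])
    print(trial_decision(now, time.time(), expires=1130716800))  # 2005-10-31 UTC
```

Plain SNTP replies are unauthenticated, so this check is only as trustworthy as the network path to the server; the decision logic stays the same if the time comes from an authenticated source instead.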

NewsArchive
07-22-2005, 04:35 AM
Hi Arnor,
I recall a while ago your having posted on your site CW code for
interfacing with Armadillo. Is that code still
available/usable/reasonably current?
Thanks

NewsArchive
07-22-2005, 04:36 AM
I don't know what Arnor may have posted. But the Clarion sample code I
posted last winter is still at: http://beachbunnysoftware.com/clarion/

I haven't updated it to include the new Armadillo string-in-the-key feature,
and I forgot to include the raw hardware lock calls. Except for those,
everything is still valid.

Jane

NewsArchive
07-22-2005, 04:36 AM
Hi Robert,

>I recall a while ago your having posted on your site CW code for
>interfacing with Armadillo. Is that code still
>available/usable/reasonably current?

In the Armadillo API help there is a topic about using Armadillo with
Clarion. It has a link to a zip on the siliconrealms.com website that
I think I provided. It is old, but I _think_ it still works.

Best regards,

Arnór Baldvinsson
Icetips Software
San Antonio, Texas, USA
www.icetips.com

NewsArchive
07-22-2005, 04:37 AM
Jane and Arnor,
Thank you both. That'll be a great help.

NewsArchive
07-22-2005, 04:37 AM
> I'll upload a test installer within the next few hours.<

Perfect! The installer is the perfect place for it too because you have
complete control. Fabulous!

Thanks,
Jack T.

NewsArchive
07-27-2005, 09:39 AM
Hi Jack,
I can't see any reason why Armadillo won't work with this scenario. If they
set the clock back to Jan 1 1900, it will run until the clock says Jan 31,
1900, or until they mess with the clock again, at which time it will stop
working.
30 days is 30 days, no matter what date it starts on.

Ben Morehouse

NewsArchive
07-31-2005, 08:07 AM
> 30 days is 30 days, no matter what date it starts on.

There are lots of ways around it. Install it on another machine, or, set
the clock back, do a restore, and copy back the current database, etc.

Jack T.